What can an Intrusion attack result in?

Before we get into the nitty-gritty of an Intrusion attack, let's have a brief discussion on the revenue
sharing model of content services distributed over an IP-Multimedia Subsystem (Commonly referred to as
the IMS).

Let us take a hypothetical example where Robi launches something called a Robi TV which provides
access to premium content services (Video on Demand, Music, etc.) at a very nominal subscription fee to
its customers.

While 20% of the revenue is met with the subscription fee provided by customers, the rest of the 80% of
the revenue comes from the in-app advertisements broadcasted during the streaming of content.

The ad-services have a revenue sharing agreement with Robi which is governed by a policy of “pay-per-
view”. In other words, the ad-agency pays for every subscriber who views its advertisement while
streaming the content over Robi.

The Attack Scenario:

While Robi’s content app is fairly secure, many of its users have another gaming app called 'Doristo'
which is not very secure. 'Doristo' is an online gaming app which requires the users to be online to play
the game.

Robi TV meanwhile is in talks with Fox Star to launch the latest episodes of the Game of Thrones (GOT)
on its IMS platform and stream it to users with a premium subscription. This news was somehow leaked
to a hacker named Lucifer. Lucifer has been infamous in the past for launching DDoS attacks on many IP
based services, mainly through account take-over by installing exploits into the applications on the
victim's phone.

Lucifer, on getting the internal news, made a deal with a grey Torrent website called fasttorrents saying
that he shall be providing the website with the latest versions of the GOT seasons, for which fasttorrents
agreed to pay him a bitcoin value of 200.

Lucifer, in order to gain access to the IMS hosting Robi-tv's, first launched an exploit through the Doristo
app. The Doristo app usually requires a large number of phone permissions (Access to Contact, Camera,
Phone, etc.) in order to allow users to play online gaming. However, its loose encryptions allowed
Lucifer to install an exploit into the server hosting of the Doristo app. The exploits cause an auto-
upgrade of the Doristo app and then it is successfully downloaded into the Doristo app of the victims.

After making this successful launch, the exploit now takes control of the Robi-tv app, sometimes trying
to log-in on behalf of users who have their passwords auto-saved. Once logged in on behalf of the user,
the exploit now creates a grey route via the victim's application, where the GOT episodes are streamed
onto a grey torrent server belonging to fasttorrents.hk which decrypts the video encoder and stores the
content.

The exploit then locks the user by altering his password or removing essential pieces of codes in the
online video player, giving the error of a scrambled video.
Robi tv loses out on streaming minutes and also sees a decline in the monthly active users. This even
causes the ad-agencies to pay Robi-tv less, as the number of times their ads are viewed due to the
decrease in the users and the hours of streaming have decreased.

Even before the problem was brought to the light of the administration, fasttorrents.hk has already
released 5 episodes of the latest installment of the GOT series. Fasttorents.hk too have a similar revenue
sharing model like Robi-tv, however, in this case, 100% of the revenue earned by fasstorrents.hk comes
from ad-agencies. Due to tremendous fan craze, some of Robi-tv users switch to fasttorrents.hk, causing
both revenue and opportunity loss to Robi-tv.

Lucifer receives his promised share of 200 bitcoins from fasttorrents.